What is considered cyberterrorism and why does it matter today?

Computer networks are vulnerable to acts of terrorism. You are probably familiar with computer networks being attacked in recent conflicts throughout Ukraine, Kosovo, Kashmir, and the Middle East. Criminals and terrorists use cyber-based technologies to conduct devastating cyber assaults. Cyberterrorism causes a loss of time and money. According to a CRS report, one research found that cybercrime costs individuals in 24 countries $388 billion annually. So, what exactly is cyberterrorism, and why should you care? Let’s take a closer look.

What is cyberterrorism: The definition and its components

What is cyberterrorism is a hard question. According to the CRS, there is no clear definition of cyberterrorism. The closest legal definition of “act of terrorism” is provided in the U.S. Patriot Act 18 U.S.C. 2332b, which defines it as “activities or injuries that occur across international boundaries.” Activities and damages described in the Computer Fraud and Abuse Act (CFA) 18 U.S.C. 1030a-c are criminal acts instead of terrorist acts. The CFA’s description of the “punishment for an offense” includes fines or imprisonment, implying that it is a crime rather than a terrorist act.

Cyberterrorism uses cyber means to intimidate or elicit fear in a target population to promote political aims. The definition is sometimes expanded to include any cyber assault that stimulates anxiety or dread in the victim public. Damaging or eroding critical infrastructure is a typical method used by attackers.

The six components of a cyber terrorism taxonomy to explain what is cyberterrorism are as follows:

• An actor or actors with three distinct characteristics: nonstate, terrorist, and secret
• A motive can be political, sociological, economic, or ideological.
• An intent to persuade or induce someone to take some action, achieve an objective, or cause trouble.
• The method to carry out the crime, which includes using a computer and a network to access cyberspace and cross borders to commit acts of cyber warfare or crimes such as cyberattacks and threats of attacks,
• Violence, service interruptions, physical damage, psychosocial harm, economic loss, or data breaches are some of the most common effects.
• A goal, usually civilians, information and communication technology (ICT), data sources, government institutions, non-government organizations, or physical infrastructure

Cyberterrorism might be used to destroy the information infrastructure’s physical machinery, remotely disrupting the Internet’s technological foundation, government computer networks, or critical civilian systems such as financial networks and mass media.

Cyberterrorist organizations aim to create widespread pandemonium, disrupt vital infrastructure, support political activity or hacktivism, or inflict physical damage and even death. But let’s underline that hacktivism and cyberterrorism are not the same things.

The difference between hacktivism and cyberterrorism

First of all, hacktivism is nonviolent. It is an umbrella term for using illegal or ambiguous digital technologies to further a political cause. On the other hand, cyberterrorism refers to politically motivated unlawful assaults on data, computer systems, programs, and data that result in violence against non-military targets. Let’s briefly touch on the difference between cybercrime and cyberterrorism to understand the subject better.

The difference between cyberterrorism and cybercrime

The primary distinction between cybercrime and cyberterrorism is the aim of the assault. Cybercriminals are normally out to make money, while cyber terrorists may have a variety of goals and will frequently attempt to inflict damage on key infrastructure.

What are the types of cyberterrorism?

Cyber terrorism is defined as the use of computer networks or systems to inflict intentional damage, cause disruption, and/or intimidate people. These are the most prevalent techniques employed in cyber assaults.

Criminals and non-state actors employ several types of cyber-terrorist attacks to access and corrupt government, military, and business databases; obtain sensitive information for profit; and collect money from governments and businesses, among other goals. The following are some of the most frequent methods used in cyber attacks.

These are types of cyberterrorism:

• Malware
• Advanced persistent threat (APT)
• Phishing
• Ransomware
• DDoS attacks
• Man-in-the-middle attacks
• Data breaches

Cyberterrorism attackers use a variety of methods. The following are some types of attacks:

Malware

Malware is malicious software that compromises computers and networks and causes harm to the victim and/or financial gain for the attacker. Phishing emails, attachments, unethical advertisements, deceptive installation programs, and infected USB drives are examples of popular malware distribution methods.

Ransomware, in which a file is encrypted and held hostage until a ransom is paid to decrypt it; viruses that harm when opened; worms that replicate themselves on the computer and from machine to machine; and spyware that records activities, records conversations, and downloads personal documents are just a few of the kinds of malware.

Advanced persistent threat (APT)

Advanced persistent threat (APT) assaults are sophisticated, purposeful penetrations that aim to acquire network access. The attackers remain undetected after entering the network to steal data. APT assaults often aim at high-value information, such as national defense, manufacturing, and the financial sector.

Phishing

Phishing is an assault that pretends to be an email to entice the receiver into running malware that gathers personal information or causes other damage. Cyber terrorists and other malefactors are increasingly using this method to infect their victims’ machines and networks.

Ransomware

Ransomware is malicious software that prevents people from accessing their files and other resources, then releases them only if they pay a ransom, usually in the form of Bitcoin. Ransomware is often distributed via a phishing scam or more sophisticated spear-phishing attempt, which uses social engineering to deceive the victim into opening the file and executing the attack.

DDoS attacks

Hacker assaults in the form of DDoS attacks are used to try and prevent innocent users from gaining access to targeted computers, devices, or other computer networks. These attackers frequently target key infrastructure and governments.

Man-in-the-middle attacks

A man-in-the-middle attack is comparable to spyware in that the attacker lurks on the victim’s network or computer, recording and logging all of the information that person accesses or transmits. The software captures personal identification numbers, passwords, user IDs, and financial data. Attackers frequently alter the victim’s IDs and passwords to prevent them from accessing their accounts and devices.

Data breaches

A hacker illegally accessing an individual’s or organization’s information is known as a data breach. Personal information and valuable data, such as financial transactions, consumer databases, user credentials, and email addresses are the most common targets of data breaches. According to the Identity Theft Resource Center, through September 2021, there were 1,291 publicly reported data incidents for the year (surpassing the 1,108 recorded in all of 2020), indicating that more people are being affected by cybercrime.

What are the effects of cyberterrorism?

The expense of defending against increasingly sophisticated assaults is one of the consequences of cyber terror attacks on organizations and people. As ransomware becomes more popular, firms and individuals are becoming more susceptible to the cost of paying ransomware demands and data recovery due to a ransomware attack.

The World Economic Forum identifies the following five major cyber-security problems for businesses, governments, and individuals: Cyber attacks are rising in number and sophistication, posing a serious threat to organizations, governments, and people.

1. The growing dependency on technology and the simultaneous rise of cybercrime and espionage have made everyone more susceptible to attacks on government services, healthcare systems, transportation networks, and communication systems. National boundaries are eroding while distinctions between physical and digital realms become increasingly blurred.
2. Because of growing industrial-financial integration, businesses and people rely more on third-party with whom accountability is doubtful.
3. The data security industry’s level of expertise can’t keep up with the cybercriminals’ evolving tactics and technologies. This leaves organizations and individuals scrambling to defend themselves against cyberattacks rather than preventing them.

Cyberterrorism examples

Let’s take a look at some recent examples of cyberterrorism activities.

In March 2021, it was reported that Russian hackers had targeted Lithuanian officials and decision-makers. The cyber-espionage group APT29, which is said to have performed the assaults, exploited the country’s IT infrastructure against organizations involved in developing a COVID-19 vaccine.

On March 21, 2021, the CNA was hit by a ransomware attack, leaving the firm with no control over its network. CNA Financial Corporation is a major insurance business based in the United States. It provides cyber insurance to clients. The hackers’ attack resulted in the company losing access to numerous internet services and business operations. As a result, the CNA was forced to pay 40 million dollars to regain control of its network.

The CNA initially intended to ignore the intruders by attempting to resolve the problem independently, but they were unable because of a lack of ideas. Within a week, they paid ransom money so that they could operate again. Evil Corporation is the group that carried out this attack. It is a good example of what is cyberterrorism.

Phoenix CrytoLocker is a new kind of malware. During the assault, 15,000 devices on the network were encrypted using the new malware. [89] The FBI warns organizations against paying ransomware since it encourages more assaults in the future and guarantees that data will not be returned.

On May 7, 2021, the Colonial Pipeline was targeted by a cyberattack that disrupted oil distribution. The Colonial Pipeline is a pipeline that controls approximately half (45%) of the oil traveling along the East Coast of the United States. Because this incident forced the firm to turn off the line, it had never done so previously.

As a result, many individuals rushed to gas stations to fill their tanks and worried that this assault would spread quickly. In the end, Colonial Pipeline paid roughly $5 million in bitcoin. Even though the company paid out all the cash, it did not turn on as quickly as it once had. DarkSide is a group involved in this incident. The money paid by Colonial Pipeline went to DarkSide, but several other organizations were also involved. Dark Side has decided to cease operations due to legal pressure.

On May 30, 2021, JBS was subject to a cyberattack of ransomware, which delayed production at the plant. JBS is the world’s biggest meat producer, selling meat-based products to customers. All nine beef factories in the United States were shut down due to this attack and poultry and pork production. The closures of the factories resulted in reduced labor, and the cost of meat increased due to the lack of production. In the end, JBS had to pay 11 million dollars worth of cryptocurrency to regain control. A Russian organization called REvil was behind the attack. REvil is a group based in Russia that is among the most productive ransomware organizations.

In the summer of 2021, Cypriot, Israeli, and Lithuanian experts labeled certain criminal acts as Internet terror. The gaming company Affise was the main objective. Ambassador John R. Bolton states these cases are prime examples of Internet terrorism. Because of that, It is a good example of what is cyberterrorism. He said these events result from financial conflict among the owners of Affise, PlayCash, and the “CyberEye-25” group. According to the expert, all three firms seem to benefit from criminal activities on the Internet by gaining unlawful money.

In early December 2021, at least nine members of the State Department in the United States had their phones hacked by an unknown group. All nine of them used Apple iPhones. The hack, which occurred over several months, was carried out using iMessages that included a malware program that installed Pegasus if they were sent without being opened. NSO Group is an Israeli spyware development company that developed and marketed the software utilized.

In December 2021, a group based in China stole data from at least five American defense and technology firms. The campaign came to light in recent months after hackers exploited a vulnerability used by these corporations’ software. Passwords were among the items stolen, and the goal of interception of personal conversations. The full scope of the damage is unknown, as the breaches are still ongoing.

In response to the threat of a Russian invasion of Ukraine in 2022, Anonymous launched several assaults on Russian computer networks. In March 2022, Anonymous carried out a cyberattack against Roskomnadzor. It is one of the most famous examples of what is cyberterrorism.

In April 2022, Taiwan News reported that Cyber Anakin, an Anonymous-affiliated hacker, had carried out a COVID-19 attack under the name “Operation Wrath of Anakin: No Time to Die,” which lasted for less than five days and hacked Chinese computer networks, including government websites, agricultural management systems, coal mine safety interfaces, nuclear power plant interfaces, and satellite interfaces as acts of protest. He had also defaced five Russian sites in response to Russia’s invasion of Ukraine.

Conclusion

The majority of cyberattacks have occurred against government institutions. However, businesses are increasingly becoming targets, which is a shift in the threat landscape. As a result, organizations and other groups must implement continuous monitoring systems, firewalls, antivirus software, and antimalware to safeguard themselves from ransomware and other cyber-attacks.

We hope we have given an explanatory answer to the question of what is cyberterrorism. To be prepared, you can check cybersecurity best practices in 2022 and learn the best cyber security monitoring tools, such as Splunk, P0f, Nagios, and more.